Welcome to the PiMP OS and Miner.farm forum.

Discussion about DNS Privacy


  • Staff

    Good discussion on DNS privacy from the PiMP Discord folks:

    Question for you all on VPNs: my provider doesn't have their own DNS, so I would like to ask: do VPN providers use their own DNS provider's DNS servers, Google's, or a third party's? What about Google being able to track from the DNS request which site you're visiting? Are you not too concerned with that, given the fact that the data is encrypted from sender to receiver?

    How many DNS requests do you think that address receives per second?
    (hint: it's in the millions)
    While Google could try to filter that for a list of people to watch, it's both impractical and not in Google's interest to do so.

    Here is the real danger: since Google DNS is a top level domain controller, they can choose to block lookups on a given site. This action is usually taken against known bot control nodes, etc.
    They don't have to filter traffic; they can just shut a site off by denying lookups for it.
    The majority of DNS root machines are in the US, which means they are subject to US law. IF the US decides to pass a law that requires blocking certain sites based on criteria...

    In the UK, British Telecom does block sites as they see fit, which many feel is censorship.

    This has almost happened in the USA: https://en.wikipedia.org/wiki/Stop_Online_Piracy_Act

    Stop Online Piracy Act
    The Stop Online Piracy Act (SOPA) was a controversial United States bill introduced by U.S. Representative Lamar S. Smith (R-TX) to expand the ability of U.S. law enforcement to combat online copyright infringement and online trafficking in counterfeit goods.

    Yes, I read on my app that Google is releasing the Intra app for secure DNS requests for older Android versions, 8 and backwards,
    and also ESNI... Interesting times.

    Bottom line: you are likely safe using Google DNS as a default for almost any activity. However, if you are concerned about potential hazards from Google (via US law or whatever), you can use a DNS root located in your country of choice.

    ESNI is interesting; it neatly solves a problem the internet has had for a while and it uses the same idea as mail SPF records. But instead of a record listing authorized mail servers, it would be the public key of the site.
    Since you are making the lookup anyway, adding the key record to the results is a no-brainer.

    I use the following site for a list of DNS roots: https://www.iana.org/domains/root/servers

    Typically you would not use the root server for your daily lookups, as it is busy answering all lower DNS servers.
    Note, Google's 8.8.8.8 server isn't in there.

    Other DNS providers are available as well. Here is an example of one addressing your concerns:

    https://1.1.1.1/
    1.1.1.1 — the Internet’s Fastest, Privacy-First DNS Resolver

    ESNI is brand new, still proposed:
    https://www.eff.org/deeplinks/2018/09/esni-privacy-protecting-upgrade-https

    Electronic Frontier Foundation
    ESNI: A Privacy-Protecting Upgrade to HTTPS
    Today, the content-delivery network Cloudflare is announcing an experimental deployment of a new web privacy technology called ESNI. We’re excited to see this development, and we look forward to a future where ESNI makes the web more private for all its users.

    People can also use more secure DNS server software.

    What's tinydns? It is DNS resolver service software.

    Apache is a web server; bind and tinydns are DNS servers.
    Bind is the usual default, but it's very insecure and slow.
    Tiny was written (long ago) by a brilliant but crazy man. It works insanely fast and is absolutely secure.


  • Support

    Many thanks Melt :)



  • Melt, I collect and track various DNS providers for latency reduction purposes. A great tool to try is DNS Jumper...
    https://www.sordum.org/7952/dns-jumper-v2-1/
    You can add your own favorites to it. This can make a night and day difference in both your security and your surfing experience.


  • Staff

    Wow this is a great Windows tool!
    Thank you for sharing it.


  • Staff

    Today I will guide you on how to blind your ISP and keep your data safe!

    Protect your privacy. Defend yourself against network surveillance and traffic analysis and stop your ISP from spying on you.

    It's simple and can be done via Firefox. When you enable this, you don't need a VPN to browse blocked websites; it will unlock all domains worldwide.

    How to:

    1. Download the latest Firefox from https://www.mozilla.org/en-US/firefox/

    2. Install and open it.

    3. In the Firefox address bar

    type: about:config

    Press Enter and click on "I accept the risk!" which will allow you to configure Firefox properly.

    4. Search for "esni.enabled"

    Double-click on it, or right-click and click "Toggle", which will enable "esni.enabled".

    5. Search for "trr.mode"

    Double-click on it, or right-click and select Modify.

    Set network.trr.mode to 2 to use DNS over HTTPS. It will secure your connection and unlock all blocked domain names.

    Enter 2 and click OK!

    6. Test your connection and it should be fully secured.

    Browse https://encryptedsni.com

    Click on: Check My Browser
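
An added example for the Firefox procedure in the post above (not part of the original post): a Python check that reads the text of a profile's prefs.js or user.js and reports what the two settings do. The full pref name network.security.esni.enabled, the mode table and the sample prefs are supplied here as assumptions; the ESNI pref exists only in Firefox versions that shipped the ESNI experiment.

```python
import re

# network.trr.mode values (Firefox Trusted Recursive Resolver); table added here.
TRR_MODES = {
    0: "off (default), native resolver only",
    2: "DoH first, falls back to the native resolver on failure",
    3: "DoH only, no fallback",
    5: "off by explicit choice",
}
PREF_RE = re.compile(r'^\s*user_pref\("([^"]+)",\s*(.+?)\);\s*$')

# Constructed sample, not taken from a real profile.
SAMPLE_PREFS = '''// Mozilla User Preferences
user_pref("network.trr.mode", 2);
user_pref("network.trr.uri", "https://mozilla.cloudflare-dns.com/dns-query");
user_pref("network.security.esni.enabled", true);
'''

def parse_prefs(text):
    """Turn user_pref("name", value); lines into a {name: value} dict."""
    prefs = {}
    for line in text.splitlines():
        m = PREF_RE.match(line)
        if not m:
            continue  # comments and blank lines
        name, raw = m.groups()
        if raw in ("true", "false"):
            prefs[name] = raw == "true"
        elif re.fullmatch(r"-?\d+", raw):
            prefs[name] = int(raw)
        else:
            prefs[name] = raw.strip('"')
    return prefs

def audit(prefs):
    """Return findings for the DoH and ESNI settings; unset prefs count as defaults."""
    mode = prefs.get("network.trr.mode", 0)
    findings = [f"network.trr.mode={mode}: {TRR_MODES.get(mode, 'reserved or unknown value')}"]
    if mode == 2:
        findings.append("a DoH failure sends the lookup to the system resolver, outside DoH")
    if mode not in (2, 3):
        findings.append("DoH is not active: lookups go to the system resolver")
    if not prefs.get("network.security.esni.enabled", False):
        findings.append("ESNI off: the server name is sent in clear in the TLS ClientHello")
    return findings

if __name__ == "__main__":
    for finding in audit(parse_prefs(SAMPLE_PREFS)):
        print(finding)
```

Setting the mode to 3 removes the fallback, at the cost of failed lookups whenever the DoH resolver is unreachable.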



  • Thanks for this!

    Here is an easy-to-understand explanation of DoH: https://hacks.mozilla.org/2018/05/a-cartoon-intro-to-dns-over-https/
    Here is an explanation for Mozilla: https://daniel.haxx.se/blog/2018/06/03/inside-firefoxs-doh-engine/

    Also, looks like running DOT on dd-wrt to cloudflare instead of DOH on the browser to cloudflare could be a great general option for SOHO networks. https://blog.cloudflare.com/dns-over-tls-for-openwrt/

    Here are some other clients: https://dnsprivacy.org/wiki/display/DP/DNS+Privacy+Clients


  • Staff

    Privacy fans rejoice.... The censors are losing.... May freedom reign. https://techcrunch.com/2019/07/05/isp-group-mozilla-internet-villain-dns-privacy


 






Copyright (c) 2012-2018 PiMP LLC. All rights Reserved.